I'm sorry, but attacks like this are just not going to work very well. Most Linux users are not going to be installing software like this at all. I feel like I am already spoiled by the ease with which I can install software or updates. So if I am the average Linux user, I wait for my distro to release updates, and with one click or one command all software updates or security releases are downloaded and installed automatically. This is the future of Linux, and the one reason why no other OS can compete. There is just more available for Linux, and it's easier to install. Your thinking just has to change from what you could purchase or pirate under windows to what you can apt-get under Linux.

Now... The vulnerability inherent in this whole thing is the update sites and mirrors. With any apt or urpmi system you can add your own sources, without any verification that the files on the source have not been tampered with. At least none that the average user is going to bother with.

This is also part of the reason why there will NEVER be the security problems under Linux that there ARE under Windows. There are almost 400 distros of Linux, each doing things either slightly different or drastically different. There are hundreds and thousands of mirror sites for downloads of software or distros. I have 3 different Linux distros running at home. The systems that DO have the same distros are not the same, even if they have the same software installed. The versions are different among other things.

Microsoft is a huge, single, nearly stationary target. Linux will be a huge, fast-moving herd, with thousands of targets in all shapes and sizes. One shot will not take down the whole herd. It will barely register in the whole scheme of things.